Neil J. Rubenking

Comodo Antivirus 2012

Don't rely on Comodo Antivirus 2012 to clean up an infested system; it's just not good at that. It will keep a clean system clean, as long as you read and correctly respond to many popup queries from its Defense+ component. It's not for everyone.

Poor removal of detected malware, especially rootkits. Defense+ queries the user with many complex popups for both good and bad programs. Very poor results from independent labs. Secure DNS inserts ads in not-found error pages.

Rootkit Scan Surprise

As I was digging through the product's various settings, I came upon a surprise. Right there in the page of settings for on-demand scanning was a checkbox labeled "Enable rootkit scan," with no checkmark in the box. Why would Comodo build this feature into the antivirus and then disable it by default?

A timing test suggested one possible reason. Scanning my standard clean test system with Comodo Antivirus took just a few minutes longer than the current average. When I repeated that test with rootkit scanning enabled, it took about 20 percent longer.

I went back to the two test systems where Comodo had left rootkit specimens active, and re-scanned with the rootkit scan turned on. Like Comodo Cleaning Essentials, Comodo Antivirus can detect rootkits based on their sneaky behavior even if it doesn't have a signature for the specific threat. This ability detected one previously-missed threat. Even after this special scan, two of the rootkits remained unscathed.

Including these results in Comodo's test scores would have brought its rootkit removal score up from 3.9 points to 6.4, slightly above the current average. Its overall malware removal score would have gone from 5.4 to 5.9. However, given that the average user probably won't find and enable this feature, I let the existing results stand.

Defense+ pops up yellow, orange, or red alerts when it detects certain actions. Each detail-loaded popup asks the user whether to allow or block the described action, and popups appear for both good and bad programs. For testing, I allowed yellow and orange alerts and blocked red ones.

By running a program in the sandbox, you can impose four levels of restriction on its access to sensitive system areas. In its default configuration, the antivirus automatically sandboxes unknown programs at the least restrictive level.

When I opened a folder containing malware samples, Comodo's on-access scanner recognized and quarantined a bit over 40 percent of them on sight. I was a bit baffled by the program's reaction when I opened a folder containing hand-modified versions of the same threats—it detected more of those than of the unmodified versions! Of course, if a threat isn't detected on sight, the antivirus gets another chance when the threat launches.

Defense+ took point in blocking the threats from installing or running. In every case, the first notification that something might be wrong was either a Defense+ alert or a sandbox notification. For precisely half the samples I launched, the antivirus component eventually got in on the party, identifying and quarantining the threat.

Like Webroot SecureAnywhere Antivirus ($39.95 direct, 4.5 stars), Comodo Antivirus detected every single one of the threats. Webroot's perfect 10 is the only score higher than Comodo's 9.1 points for malware blocking. Looking specifically at rootkits, Webroot and Comodo both achieved a perfect 10 points.

A couple scareware samples managed to dump executable files or heaps of non-executable files on the test system despite Comodo's efforts, giving it 8.6 points for scareware blocking. To understand where these numbers come from, please read How We Test Malware Blocking.

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips...